| ▲ | rvnx 14 hours ago | |
and they are right, this is because a lot of junior sysadmins believe that newer = better. But the reality:
etc.
A couple of the few reasons to upgrade something are:
but 99% of the time, if it ain't broke, don't fix it.
https://en.wikipedia.org/wiki/2024_CrowdStrike-related_IT_ou... | ||
| ▲ | miki123211 11 hours ago | parent | next [-] | |
On the other hand, I suspect LLMs will dramatically decrease the window between a vulnerability being discovered and that vulnerability being exploited in the wild, especially for open-source projects. Even if the vulnerability itself is discovered through other means than by an LLM, it's trivial to ask a SOTA model to "monitor all new commits to project X and decide which ones are likely patching an exploitable vulnerability, and then write a PoC." That's a lot easier than finding the vulnerability itself. I won't be surprised if update windows (for open source networked services) shrink to ~10 minutes within a year or two. It's going to be a brutal world. | ||
| ▲ | mr_toad 8 hours ago | parent | prev | next [-] | |
Too often I see IT departments use this as an excuse to only upgrade when they absolutely have to, usually with little to no testing in advance, which leaves them constantly being back-footed by incompatibility issues. The idea of advanced testing of new versions of software (that they’ll be forced to use eventually) never seems to occur, or they spend so much time fighting fires they never get around to it. | ||
| ▲ | gjvc 9 hours ago | parent | prev [-] | |
all fair points, on the other hand, as a general rule, isn't it important to stay on currently-supported versions of pieces of software that you run? ymmv, but in my experience projects like postgresql which have been reliable, tend to continue to be so. | ||